Merge branch 'release'
commit
ac96408bc9
|
@ -1649,6 +1649,7 @@ class H5PCore {
|
||||||
const DISABLE_EMBED = 4;
|
const DISABLE_EMBED = 4;
|
||||||
const DISABLE_COPYRIGHT = 8;
|
const DISABLE_COPYRIGHT = 8;
|
||||||
const DISABLE_ABOUT = 16;
|
const DISABLE_ABOUT = 16;
|
||||||
|
const DISABLE_ALL = 31;
|
||||||
|
|
||||||
// Map flags to string
|
// Map flags to string
|
||||||
public static $disable = array(
|
public static $disable = array(
|
||||||
|
@ -2560,8 +2561,26 @@ class H5PContentValidator {
|
||||||
if (in_array('del', $tags) || in_array('strike', $tags) && ! in_array('s', $tags)) {
|
if (in_array('del', $tags) || in_array('strike', $tags) && ! in_array('s', $tags)) {
|
||||||
$tags[] = 's';
|
$tags[] = 's';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Determine allowed style tags
|
||||||
|
$stylePatterns = array();
|
||||||
|
if (isset($semantics->font)) {
|
||||||
|
if (isset($semantics->font->size) && $semantics->font->size) {
|
||||||
|
$stylePatterns[] = '/^font-size: *[0-9.]+(em|px|%) *;?$/i';
|
||||||
|
}
|
||||||
|
if (isset($semantics->font->family) && $semantics->font->family) {
|
||||||
|
$stylePatterns[] = '/^font-family: *[a-z0-9," ]+;?$/i';
|
||||||
|
}
|
||||||
|
if (isset($semantics->font->color) && $semantics->font->color) {
|
||||||
|
$stylePatterns[] = '/^color: *(#[a-f0-9]{3}[a-f0-9]{3}?|rgba?\([0-9, ]+\)) *;?$/i';
|
||||||
|
}
|
||||||
|
if (isset($semantics->font->background) && $semantics->font->background) {
|
||||||
|
$stylePatterns[] = '/^background-color: *(#[a-f0-9]{3}[a-f0-9]{3}?|rgba?\([0-9, ]+\)) *;?$/i';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Strip invalid HTML tags.
|
// Strip invalid HTML tags.
|
||||||
$text = $this->filter_xss($text, $tags);
|
$text = $this->filter_xss($text, $tags, $stylePatterns);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Filter text to plain text.
|
// Filter text to plain text.
|
||||||
|
@ -2984,7 +3003,7 @@ class H5PContentValidator {
|
||||||
*
|
*
|
||||||
* @ingroup sanitization
|
* @ingroup sanitization
|
||||||
*/
|
*/
|
||||||
private function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')) {
|
private function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd'), $allowedStyles = FALSE) {
|
||||||
if (strlen($string) == 0) {
|
if (strlen($string) == 0) {
|
||||||
return $string;
|
return $string;
|
||||||
}
|
}
|
||||||
|
@ -2995,6 +3014,8 @@ class H5PContentValidator {
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->allowedStyles = $allowedStyles;
|
||||||
|
|
||||||
// Store the text format.
|
// Store the text format.
|
||||||
$this->_filter_xss_split($allowed_tags, TRUE);
|
$this->_filter_xss_split($allowed_tags, TRUE);
|
||||||
// Remove NULL characters (ignored by some browsers).
|
// Remove NULL characters (ignored by some browsers).
|
||||||
|
@ -3088,7 +3109,7 @@ class H5PContentValidator {
|
||||||
$xhtml_slash = $count ? ' /' : '';
|
$xhtml_slash = $count ? ' /' : '';
|
||||||
|
|
||||||
// Clean up attributes.
|
// Clean up attributes.
|
||||||
$attr2 = implode(' ', $this->_filter_xss_attributes($attrlist));
|
$attr2 = implode(' ', $this->_filter_xss_attributes($attrlist, ($elem === 'span' ? $this->allowedStyles : FALSE)));
|
||||||
$attr2 = preg_replace('/[<>]/', '', $attr2);
|
$attr2 = preg_replace('/[<>]/', '', $attr2);
|
||||||
$attr2 = strlen($attr2) ? ' ' . $attr2 : '';
|
$attr2 = strlen($attr2) ? ' ' . $attr2 : '';
|
||||||
|
|
||||||
|
@ -3101,7 +3122,7 @@ class H5PContentValidator {
|
||||||
* @return
|
* @return
|
||||||
* Cleaned up version of the HTML attributes.
|
* Cleaned up version of the HTML attributes.
|
||||||
*/
|
*/
|
||||||
private function _filter_xss_attributes($attr) {
|
private function _filter_xss_attributes($attr, $allowedStyles = FALSE) {
|
||||||
$attrarr = array();
|
$attrarr = array();
|
||||||
$mode = 0;
|
$mode = 0;
|
||||||
$attrname = '';
|
$attrname = '';
|
||||||
|
@ -3141,6 +3162,17 @@ class H5PContentValidator {
|
||||||
case 2:
|
case 2:
|
||||||
// Attribute value, a URL after href= for instance.
|
// Attribute value, a URL after href= for instance.
|
||||||
if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) {
|
if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) {
|
||||||
|
if ($allowedStyles && $attrname === 'style') {
|
||||||
|
// Allow certain styles
|
||||||
|
foreach ($allowedStyles as $pattern) {
|
||||||
|
if (preg_match($pattern, $match[1])) {
|
||||||
|
$attrarr[] = 'style="' . $match[1] . '"';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$thisval = $this->filter_xss_bad_protocol($match[1]);
|
$thisval = $this->filter_xss_bad_protocol($match[1]);
|
||||||
|
|
||||||
if (!$skip) {
|
if (!$skip) {
|
||||||
|
|
11
js/h5p.js
11
js/h5p.js
|
@ -774,7 +774,7 @@ H5P.newRunnable = function (library, contentId, $attachTo, skipResize, extras) {
|
||||||
*/
|
*/
|
||||||
H5P.error = function (err) {
|
H5P.error = function (err) {
|
||||||
if (window.console !== undefined && console.error !== undefined) {
|
if (window.console !== undefined && console.error !== undefined) {
|
||||||
console.error(err);
|
console.error(err.stack ? err.stack : err);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -883,10 +883,17 @@ H5P.getCopyrights = function (instance, parameters, contentId) {
|
||||||
var copyrights;
|
var copyrights;
|
||||||
|
|
||||||
if (instance.getCopyrights !== undefined) {
|
if (instance.getCopyrights !== undefined) {
|
||||||
|
try {
|
||||||
// Use the instance's own copyright generator
|
// Use the instance's own copyright generator
|
||||||
copyrights = instance.getCopyrights();
|
copyrights = instance.getCopyrights();
|
||||||
}
|
}
|
||||||
else {
|
catch (err) {
|
||||||
|
// Failed, prevent crashing page.
|
||||||
|
H5P.error(err);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (copyrights === undefined) {
|
||||||
// Create a generic flat copyright list
|
// Create a generic flat copyright list
|
||||||
copyrights = new H5P.ContentCopyrights();
|
copyrights = new H5P.ContentCopyrights();
|
||||||
H5P.findCopyrights(copyrights, parameters, contentId);
|
H5P.findCopyrights(copyrights, parameters, contentId);
|
||||||
|
|
Loading…
Reference in New Issue